CN-122020659-A - Trusted execution environment running state integrity measurement method for TrustZone blockchain node
Abstract
The invention discloses a trusted execution environment running state integrity measurement method for TrustZone blockchain nodes. It relates to the fields of computer technology and information security and comprises a policy management module, an integrity measurement module, an evaluation module and a security log construction module. The method measures, evaluates and records the kernel, static components, trusted applications and system calls in the trusted execution environment of the blockchain node device, forming a complete log of the components and events that affect runtime integrity in the trusted execution environment. It addresses the problem that, on existing ARM TrustZone blockchain node devices, the runtime integrity of the trusted execution environment is hard to guarantee, which makes it difficult to ensure the reliability of the node over its whole life cycle, and it securely and efficiently realizes running state integrity measurement of the trusted execution environment of TrustZone blockchain nodes.
Inventors
- CHANG XIAOLIN
- MAO JINGKAI
- WANG JINGYAN
- YANG ZHAO
- WANG KAIWEN
- Ju Bocheng
- FAN JUNCHAO
Assignees
- 北京交通大学
Dates
- Publication Date
- 20260512
- Application Date
- 20260105
Claims (5)
- 1. A trusted execution environment running state integrity measurement method for TrustZone blockchain nodes, characterized in that a security measurement agent supporting the method is designed and implemented in a trusted execution environment kernel supported by ARM TrustZone, the design comprising: a policy management module supporting the method; a measurement module supporting the method; an evaluation module supporting the method; and a security log construction module supporting the method.
- 2. The policy management module supporting trusted execution environment running state integrity measurement for TrustZone blockchain nodes of claim 1, wherein the module comprises: (2-1) a policy design supporting the module, the design comprising: the policy is composed of one or more policy rules ) Each policy rule is a triplet including an action ) An event type ) And a set of optional conditions ): the action supports four kinds: measure, ignore measurement, evaluate and ignore evaluation; the event type supports six types: kernel loading, static component loading, trusted application metadata checking, trusted application invocation and system call execution; the optional conditions support five kinds: trusted application UUID, target UUID, system call ID, trusted application command ID and re-measurement period; (2-2) a policy application step supporting the module, the step comprising: Step 1, in the process of constructing the kernel image of the trusted execution environment, a trusted third party compiles the policy set into a binary data file and then embeds the binary data file into the image; Step 2, when the trusted execution environment kernel is initialized, the binary data file is loaded and parsed out Each of then Analyzing the core memory area into a structure, constructing a structure linked list and storing the structure linked list into a core memory area of the trusted execution environment; Step 3, when an integrity event occurs, the security measurement agent subsystem traverses the structure linked list sequentially, and matches the corresponding structure linked list with a matcher based on a bit mask And is completely matched at the first Stopping at the position; Step 4, the security measurement agent is based on Declarative and declarative And executing corresponding operation.
- 3. The measurement module supporting trusted execution environment running state integrity measurement for TrustZone blockchain nodes of claim 1, wherein the module comprises: (3-1) a static measurement method supporting the module, the method comprising: (3-1-1) static measurement of the trusted execution environment kernel: after the trusted execution environment kernel is loaded into memory, the security measurement agent pair comprises 、 Performing hash calculation on key segments of the kernel metadata respectively and independently, and finally combining hash results of each segment into a hash chain, performing hash on calculation results and recording; (3-1-2) static measurement of static components: after the static measurement of the trusted execution environment kernel is finished, the security measurement agent sequentially measures and records the metadata of the loaded static components; (3-1-3) static measurement of trusted applications: after the binary data of a trusted application is loaded into memory, the security measurement agent pair comprises , , Performing hash calculation independently, and finally combining the hash results of each segment into a hash chain, performing hash on the calculation results and recording; (3-1-4) static measurement of trusted application metadata: after the static measurement of the trusted application is finished, the security measurement agent hashes the stack size, stack configuration and flag bits of the trusted application metadata and records the calculation result; (3-2) a dynamic measurement method supporting the module, the method comprising: (3-2-1) dynamic measurement of trusted application calls: when a session of the trusted application is opened and when a command of the trusted application is invoked, the call is intercepted and its data parsed, including the UUID, command ID and call parameters of the trusted application; (3-2-2) dynamic measurement of communication between trusted applications: when a session of a kernel-state trusted application is opened and when a command of the trusted application is invoked, the call is intercepted and its data parsed, including the UUID of the trusted application initiating the call, the UUID of the called trusted application, the command ID and the call parameters; (3-2-3) when a system call is triggered, the call is intercepted and its data parsed, including the caller UUID, the operation type and the call parameters; (3-3) a time-based re-measurement method supporting the module, the method comprising: when a system call is triggered, the security measurement agent first checks if the timer exceeds a set time interval, if so, for the kernel or trusted application And And comparing the segments with the baseline value after hash calculation and recording comparison results, and restarting the timer.
- 4. The evaluation module supporting trusted execution environment running state integrity measurement for TrustZone blockchain nodes of claim 1, wherein the module comprises: (4-1) a reference value list design supporting the module, the design comprising: the reference value list is composed of one or more reference values ) Each reference value is a triplet including a component UUID # - ) An expected digest% ) And a minimum accepted version @ ): (4-2) an evaluation application step supporting the module, the step comprising: Step 1, in the process of constructing the kernel image of the trusted execution environment, a trusted third party first generates a reference value list, then signs the reference value list with a dedicated private key, finally compiles the reference value list and the signature together into a binary data file, and then embeds the data file together with the signature verification public key into the image; Step 2, when the kernel of the trusted execution environment is initialized, the binary data file and the signature verification public key are loaded, the signature is verified first, and then the signature is analyzed in the trusted execution environment after the signature passes through Each of then Analyzing the core memory area into a structure, constructing a structure linked list and storing the structure linked list into a core memory area of the trusted execution environment; Step 3, when a local evaluation event occurs, the security measurement agent subsystem first traverses the structure linked list sequentially with the component UUIDs to locate the corresponding one ; Step 4, the security measurement agent extracts the calculated digest Declarative and declarative Comparing and recording the result; Step 5, the security measurement agent compares the version of the component with the version of the component Declarative and declarative And comparing and recording the result.
- 5. The security log construction module supporting trusted execution environment running state integrity measurement for TrustZone blockchain nodes of claim 1, wherein the module comprises: (5-1) A security measurement Log ) The design is a tamper-proof log structure for storing recorded integrity events, the log consists of hash chains, each entry @, and the log is composed of a plurality of hash chains ) Is a quadruple: Wherein the event data [ ] is ) Representing captured event-specific context, entry size [ ] ) Representing the complete length of the item and evaluating the result ) Storing the local evaluation result of the event, and storing the first item ) Is a quadruple: wherein virtual PCR ) The hash value representing the entry is stored in the present The event type [ ] ) Hash representing the type of the present integrity event ) Storing the hash value of the item, and hashing the previous item ) An entry representing the entry to which the entry is bound; (5-2) A virtual PCR ) Design of four 32 bytes maintained for security measurement agent For expanding Hash value of (4) Respectively expanding events of different types Is a hash value of (2): The method comprises the steps of storing a trusted execution environment kernel static measurement event; For storing static component static measurement events; For storing trusted application static measurement events; for storing dynamic measurement events.
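The hash-chained log and the four virtual PCRs of claim 5, together with the replay a verifier would run over them, as an added Python example that is not the patent's implementation. SHA-256, the field encoding, the all-zero initial values, the TPM-style extend rule and every name below are assumptions of this example, and the events are constructed.

```python
import hashlib
import struct
# The four vPCR banks of claim 5-2; the numeric indices are assumptions.
VPCR_KERNEL, VPCR_STATIC_COMPONENT, VPCR_TA, VPCR_DYNAMIC = range(4)
ZERO = bytes(32)  # assumed initial vPCR value and first previous-entry hash

def sha256(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def entry_hash(e):
    # Assumed encoding: fixed-width vPCR index, result and size, then type hash, data, prev.
    head = struct.pack(">BBI", e["vpcr"], e["result"], e["size"])
    return sha256(head, sha256(e["event_type"]), e["data"], e["prev"])

class SecurityLog:
    def __init__(self):
        self.vpcr, self.entries = [ZERO] * 4, []
    def append(self, bank, event_type, data, result):
        prev = self.entries[-1]["hash"] if self.entries else ZERO
        e = {"vpcr": bank, "event_type": event_type, "data": data,
             "size": len(data), "result": result, "prev": prev}
        e["hash"] = entry_hash(e)
        self.entries.append(e)
        # TPM-style extend (assumed): new vPCR = H(old vPCR || entry hash)
        self.vpcr[bank] = sha256(self.vpcr[bank], e["hash"])

def verify(entries, reported_vpcr):
    """Replay the log and compare it with the vPCR values reported by the agent."""
    vpcr, prev = [ZERO] * 4, ZERO
    for i, e in enumerate(entries):
        if e["prev"] != prev or e["size"] != len(e["data"]) or entry_hash(e) != e["hash"]:
            return f"entry {i} inconsistent"
        vpcr[e["vpcr"]] = sha256(vpcr[e["vpcr"]], e["hash"])
        prev = e["hash"]
    return "ok" if vpcr == list(reported_vpcr) else "vpcr mismatch"

def demo():
    log = SecurityLog()  # constructed sample events, not real measurements
    log.append(VPCR_KERNEL, b"kernel-load", sha256(b"constructed .text bytes"), 1)
    log.append(VPCR_TA, b"ta-load", sha256(b"constructed TA image"), 1)
    log.append(VPCR_DYNAMIC, b"ta-invoke", b"uuid=example;cmd=3", 0)
    out = {"clean": verify(log.entries, log.vpcr)}
    # Flipping a failed evaluation (0) to passed (1) changes the entry hash.
    forged = [dict(e) for e in log.entries]
    forged[2]["result"] = 1
    out["forged"] = verify(forged, log.vpcr)
    # Dropping the last entry leaves a valid chain, but the dynamic vPCR no longer matches.
    out["truncated"] = verify(log.entries[:-1], log.vpcr)
    return out
```

The chain alone catches edits to recorded entries; only the comparison against the vPCR values catches a log that has been cut short.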
Description
Trusted execution environment running state integrity measurement method for TrustZone blockchain node
Technical Field
The application relates to the technical fields of computer technology and information security, in particular to trust protection technology for blockchain nodes based on the TrustZone trusted execution environment, and discloses a trusted execution environment running state integrity measurement method for TrustZone blockchain nodes.
Background
The rapid development of Internet of Things and edge computing technology has promoted the wide application of blockchain technology, and blockchain nodes are increasingly deployed in gateways, industrial terminals and various resource-constrained embedded devices. However, these nodes typically need to stay online for long periods and continuously interact with external networks while undertaking security-sensitive tasks such as transaction verification, participation in consensus, and key management. To protect key code and data in nodes, trusted execution environment technology is introduced to provide a hardware-level root of trust and an isolated execution environment. ARM TrustZone is particularly common in embedded devices and Internet of Things devices. By dividing the system into a rich execution environment and a trusted execution environment, the technology lets security services run in an isolated domain, reducing the direct impact on sensitive data when the rich execution environment is attacked. However, because of its design and implementation limitations, ARM TrustZone does not provide the usual mechanisms for secure boot, runtime integrity protection, and remote attestation to ensure the security and trustworthiness of devices and systems.
As a result, a node's trustworthiness may be destroyed during boot or at runtime: for example, a boot-time attack may be launched using an incomplete boot chain or tampered or rolled-back firmware and kernel, or persistent control may be established at runtime by way of exploits, memory corruption, malicious component loading, etc. If the node still participates in consensus and transaction processing in an untrusted state, an attacker may steal keys, falsify transaction results or interfere with the consensus process, thereby destroying the security and availability of the blockchain system. Therefore, the reliability of the node needs to be improved, and the security and reliability of the node over its whole life cycle need to be ensured. Current technology typically pursues this goal by building on secure boot, introducing an integrity measurement mechanism at runtime, and providing trusted measurement evidence to an external verifier in combination with remote attestation. For blockchain nodes using TrustZone, these mechanisms still have shortcomings. First, the chain of trust ends once static image verification is completed, so state changes at runtime are hard to reflect continuously. Second, existing runtime integrity protection focuses on objects on the rich execution environment side and ignores the state of the trusted execution environment side; the lack of runtime integrity protection for key components in the trusted execution environment in turn affects the security services and the overall trust guarantee of the node. Therefore, there is a need for a trusted execution environment runtime integrity protection method for TrustZone devices, and in particular for blockchain nodes.
Disclosure of Invention
In view of the above problems, the present invention provides a trusted execution environment running state integrity measurement method for TrustZone blockchain nodes, which deploys a security measurement agent in the trusted execution environment kernel to selectively measure, locally evaluate and securely record the kernel, static components, trusted applications and system calls in the trusted execution environment under policy control, so as to form a complete log of the components and events affecting runtime integrity in the trusted execution environment. The invention effectively solves the problem that, on existing blockchain node devices based on ARM TrustZone technology, the runtime integrity of the trusted execution environment is hard to guarantee, which makes it difficult to ensure the reliability of the node over its whole life cycle, and improves the security and reliability level of TrustZone-based devices. The invention provides a trusted execution environment running state integrity measurement method for TrustZone blockchain nodes, which comprises the following: 1. A policy management module supporting trusted execution environment running state integrity measurement for TrustZone blockchain nodes, comprising: (1) Policy design, policy consists of one or more policy rules ) Each policy rule is a triplet including an action) An event type) And a set of o